CVE-2026-54887 · PATCHED
erlang · otp

DTLS server cookie bypass during startup window due to empty initial cookie secret

Description

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl (DTLS server) allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass.

On DTLS server startup, dtls_server_connection:initial_hello/3 initializes previous_cookie_secret to the empty binary (<<>>) instead of a random value. Because HMAC with an empty key is deterministic, anyone who observes the plaintext ClientHello can compute dtls_handshake:cookie(<<>>, IP, Port, Hello) and forge a valid DTLS cookie before the first rotation of the cookie secret.

The DTLS cookie (RFC 6347 §4.2.1) is a denial-of-service mitigation that prevents spoofed source IPs from forcing the server to allocate state and perform expensive cryptographic operations; it is not an authentication mechanism. During the window from server startup until the first secret rotation (0 to 15 seconds), an attacker who can observe the plaintext ClientHello can bypass the source address verification, enabling DTLS handshake amplification with spoofed source addresses.

This vulnerability is associated with program file lib/ssl/src/dtls_server_connection.erl and program routine dtls_server_connection:initial_hello/3. This issue affects OTP from OTP 20.0 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 8.2 before 11.7.3, 11.6.0.3 and 11.2.12.10.
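
The startup flaw described above, as an added sketch that is not Erlang/OTP's code: a two-slot cookie-secret store with the empty initial previous secret beside a randomly seeded one, plus a check that flags a weak slot. The HMAC-SHA-256 choice, the cookie field layout, the 32-byte secret length, acceptance of either slot on verification, and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SECRET_LEN = 32  # assumed secret size; the page does not state OTP's


def cookie(secret, ip, port, hello):
    """Stateless cookie: HMAC over the claimed source address and ClientHello.
    Field layout is constructed for this sketch, not OTP's wire encoding."""
    msg = ip.encode() + b"|" + port.to_bytes(2, "big") + b"|" + hello
    return hmac.new(secret, msg, hashlib.sha256).digest()


class CookieSecrets:
    """Current/previous secret pair; a cookie made under either is accepted
    (assumption) so handshakes that straddle a rotation still complete."""

    def __init__(self, previous):
        self.current = secrets.token_bytes(SECRET_LEN)
        self.previous = previous

    @classmethod
    def flawed(cls):
        return cls(previous=b"")  # startup state described in the advisory

    @classmethod
    def hardened(cls):
        return cls(previous=secrets.token_bytes(SECRET_LEN))  # random from t=0

    def rotate(self):
        self.previous = self.current
        self.current = secrets.token_bytes(SECRET_LEN)

    def verify(self, presented, ip, port, hello):
        return any(hmac.compare_digest(presented, cookie(s, ip, port, hello))
                   for s in (self.current, self.previous))


def has_weak_slot(store):
    """Startup/regression check: flag any slot shorter than SECRET_LEN."""
    return any(len(s) < SECRET_LEN for s in (store.current, store.previous))


# Constructed sample input (documentation address, dummy hello bytes).
IP, PORT, HELLO = "192.0.2.10", 40000, b"constructed-client-hello"
```

A check like has_weak_slot belongs in a listener start-up test, since the weak state exists only until the first rotation and is invisible afterwards.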

Affected Products

Vendor | Product | Versions
erlang | otp | 8.2, 20.0, e594aad2f87aab39e99fccf9e021bc94e0bbf7d4

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
open source | erlang/otp | cert_advisory | 90%

References

  • https://github.com/erlang/otp/security/advisories/GHSA-p2m2-3c2w-8jp8 (vendor-advisory, related)
  • https://cna.erlef.org/cves/CVE-2026-54887.html (related)
  • https://osv.dev/vulnerability/EEF-CVE-2026-54887 (related)
  • https://www.erlang.org/doc/system/versions.html#order-of-versions (x_version-scheme)
  • https://github.com/erlang/otp/commit/888e3bcd72d5406016b9e0de741026bc2a6f114d (patch)

Related News (2 articles)

Tier B · BSI Advisories · 12h ago
[NEW] [medium] Erlang/OTP: Multiple vulnerabilities
→ No new info (linked only)
Tier C · VulDB · 1d ago
CVE-2026-54887 | Erlang OTP up to 29.0.2 dtls_server_connection.erl random default key
→ No new info (linked only)

CISA KEV: No
Actively exploited: No
Patch available: 888e3bcd72d5406016b9e0de741026bc2a6f114d
CWE: CWE-1394
Published: Jul 2, 2026
Last enriched: 1d ago (v2)
Tags: CVE-2026-54887
Trending Score: 30
Source articles: 2
Independent: 2
Info Completeness: 8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

NONE · CVE-2026-55950 · EXP
DTLS listener crash via race condition in dtls_packet_demux causes denial of service for all sessions
Trending: 57

NONE · CVE-2026-55952 · EXP
TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension
Trending: 52

NONE · CVE-2026-54886 · EXP
SSH SFTP server denial of service via extended channel data infinite loop
Trending: 48

NONE · CVE-2026-53422
SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root
Trending: 30

NONE · CVE-2026-54891
Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl
Trending: 30

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published · Jul 2, 2026
Discovered by ZDM · Jul 2, 2026
Updated: description, affectedVersions, severity · Jul 2, 2026
Updated: description, severity, affectedVersions, tags · Jul 2, 2026
Patch Available · Jul 3, 2026

Version History

v2 · Last enriched 1d ago

v2 · Tier C · 1d ago · via VulDB
Updated description with new details, changed severity to HIGH, added affected versions, and noted no exploit is available.
Updated: description, severity, affectedVersions, tags

v2 · Tier C · 1d ago · via VulDB
Updated description with new details, added affected version 29.0.2, changed severity to PROBLEMATIC, and noted no exploit is available.
Updated: description, affectedVersions, severity

v1 · 1d ago
Initial creation